[RFC PATCH v1 1/4] spl: Kconfig: add SPL_SECURE_OS_BOOT config symbol
Tom Rini
trini at konsulko.com
Fri Jun 27 01:47:16 CEST 2025
On Thu, Jun 26, 2025 at 05:34:39PM +0530, Anshul Dalal wrote:
> This patch adds the new SPL_SECURE_OS_BOOT symbol that enables secure boot flow
> in falcon mode.
>
> Signed-off-by: Anshul Dalal <anshuld at ti.com>
> ---
> common/spl/Kconfig | 7 +++++++
> 1 file changed, 7 insertions(+)
>
> diff --git a/common/spl/Kconfig b/common/spl/Kconfig
> index 880192043c4..8d153c2e9c9 100644
> --- a/common/spl/Kconfig
> +++ b/common/spl/Kconfig
> @@ -1196,6 +1196,13 @@ config SPL_OS_BOOT
> Enable booting directly to an OS from SPL.
> for more info read doc/README.falcon
>
> +config SPL_SECURE_OS_BOOT
> + bool "Activate Secure Falcon Mode"
> + depends on SPL_OS_BOOT
> + help
> + Enables support for secure boot in falcon mode by restricting the SPL to
> + only loading a fitImage instead of raw kernel images or DTBs.
The base symbol here is SPL_OS_BOOT so this should become
SPL_OS_BOOT_SECURE and say something like "Allow Falcon Mode on secure
devices" with the help text saying that this allows for using Falcon
Mode on devices where general security features such as signature
verification are enabled and this will then disallow some inherently
non-securable options.
--
Tom
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 659 bytes
Desc: not available
URL: <https://lists.denx.de/pipermail/u-boot/attachments/20250626/f7c29cb0/attachment.sig>
More information about the U-Boot
mailing list